Research on Android malware outlier detection based on feature frequency - CAAI Transactions on Intelligent Systems

 ZHANG Yuling,YIN Chuanhuan.Android malware outlier detection based on feature frequency[J].CAAI Transactions on Intelligent Systems,2018,13(02):168-173.[doi:10.11992/tis.201609016]





Android malware outlier detection based on feature frequency
ZHANG Yuling (张玉玲), YIN Chuanhuan (尹传环)
School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Keywords: Android system; malware; data mining; abnormal detection; SVDD; implicit characteristics; single classifier; feature frequency
Owing to its open-source nature and portability, Android has become the mobile OS with the largest market share. Attacks against Android keep emerging, and Android-oriented malware detection has recently become an important link in the field of mobile security. The problems to be faced include the difficulty of collecting malicious software and the imbalanced proportion of abnormal and normal samples. To overcome these difficulties, the Droid-Saf framework is proposed. The framework includes a data processing scheme that reveals the implicit characteristics of the data: the hidden information contained in the samples is treated as a new feature, and, in modeling, the sample features are integrated into the algorithm and dynamic slack variables are established. Static analysis is used to decompile the APK, and an improved SVDD single classifier is used for classification. This overcomes the difficulty of collecting abnormal software for a malware detection system and lowers the missed-report rate and the misjudgment rate of abnormal detection. The experimental results verified the effectiveness and applicability of the algorithm.




Last Update: 1900-01-01